Adobe patches security flaws in Acrobat and Reader

Patches are available to download now.

Adobe has released a set of security updates for Adobe Acrobat and Reader for Windows and Mac, patching vulnerabilities that could allow an attacker to take control of the affected system.

One vulnerability in Adobe Acrobat Reader DC can be exploited for the purposes of arbitrary code execution, Adobe said.

Uncovered by Cisco Talos researcher Aleksandar Nikolic, the vulnerability, tracked as TALOS-2017-0361 / CVE-2017-11263, lies in the parser, the software component that takes input and builds it into data, specifically in the AcroForm parsing functionality used in PDFs.

A specially crafted PDF document could be designed to trigger this vulnerability and lead the parser into an unintended state, allowing an attacker to access or overwrite memory inside the process for the purposes of arbitrary code execution.

The vulnerability would be triggered by a victim opening the malicious file or accessing a malicious webpage.

Adobe has released a software update that addresses the vulnerability, alongside updates for other vulnerabilities rated critical and important that "could potentially allow an attacker to take control of the affected system".